Pierluigi Paganini November 03, 2013

Google Hacking is a formidable method for reconnaissance. Mass website hacking tools based on Google-dorks advantage the malicious online activities.

Google hacking is a must for hackers and pen testers, the popular search engine is a mine of information for targeted analysis and reconnaissance phase. In the past we discussed on how to use Google hacking techniques to gather information on specific targets and discover vulnerable website on a large-scale.

I decided to start from a submodule of the hacking program proposed by The Hacker Academy dedicated to use of Google during a penetration test to extend the discussion with a proof of concept. The attacker’s job is advantaged by the availability on the black market of numerous DIY tools that make possible the execution of the large amount of specifically crafted query to discover vulnerable websites.

The security expert Dancho Danchev just published an interesting post on Google-dorks based mass Web site hacking/SQL injecting tool used by cyber criminals to facilitate the above malicious online activity.

Typically attackers, also not necessary skilled professionals, use Google hacking techniques to identify possible targets, Google Dorks are a powerful instrument to mass web site hacking, in a second phase they adopt public/commercial availability tools relying on the exploitation of remote Web application vulnerabilities. Insecurely configured websites, CMS and social media platforms are privileged targets easy to identify and to compromise. One of the principal monetization process is the rent of malicious botnet composed of millions of malware-infected hosts compromised also thanks the above techniques.

Google hacking tools are also used for a second purpose, cybercriminals exploit them to collect huge quantities of data to resell on the underground.

In his post Danchev profiled a DIY (do it yourself) type of mass Web site hacking tool as a case study to demonstrate how easy it is to efficiently compromise tens of thousands of Web sites that have been indexed by the World’s most popular search engine.

The above pictures show a user-friendly GUI of the tool designed for automatic mass websites scanning, the purpose is the automated reconnaissance for hosts vulnerable to SQL injection attacks due the presence of known flaw.

“Once a compromise takes place, the attacker is in a perfect position to inject malicious scripts on the affected sites, potentially exposing their users to malicious client-side exploits serving attacks. Moreover, as we’ve seen, the same approach can be used in a combination with privilege escalation tactics that could eventually “convert” the compromised host as part of an anonymous, cybercrime-friendly proxy network, as well act as a hosting provider for related malicious of fraudulent content like malware or phishing pages.”

Security analysts expect to continue observing similar Google Hacking tools, even more oriented to the needs of a growing number of clients that look at black market to acquire user’s friendly DIY tools for illegal activities.

It is strongly suggested to administrators to carefully review security settings for their websites, misconfiguratios are the primary cause of data breaches and make their website easily identifiable with DIY tools based on Google hacking principles.